2b5e3fcc801c0d1592eab89bafde34e2.pcap

MD5: 2b5e3fcc801c0d1592eab89bafde34e2
Submission Date: 2020-03-25 16:57:29
Tags: (not set)
Alert 2
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2020-02-23T14:08:58.701541-0800 | 192.168.1.101 | 185.98.87.192 | ET TROJAN Win32/AZORult V3.3 Client Checkin M8 | * |
| 2 | 2020-02-23T14:09:13.975866-0800 | 185.98.87.192 | 192.168.1.101 | ET TROJAN AZORult v3.3 Server Response M3 | * |

DNS 8
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2020-02-23T14:08:43.290684-0800 | 192.168.1.101 | 192.168.1.1 | query | teredo.ipv6.microsoft.com | A | (not set) |
| 2 | 2020-02-23T14:08:43.684227-0800 | 192.168.1.1 | 192.168.1.101 | answer | teredo.ipv6.microsoft.com | A | (not set) |
| 3 | 2020-02-23T14:08:44.637076-0800 | 192.168.1.101 | 192.168.1.1 | query | time.windows.com | A | (not set) |
| 4 | 2020-02-23T14:08:45.091196-0800 | 192.168.1.1 | 192.168.1.101 | answer | time.windows.com | A | (not set) |
| 5 | 2020-02-23T14:08:41.172305-0800 | 192.168.1.101 | 192.168.1.1 | query | time.windows.com | A | (not set) |
| 6 | 2020-02-23T14:08:41.588195-0800 | 192.168.1.1 | 192.168.1.101 | answer | time.windows.com | A | (not set) |
| 7 | 2020-02-23T14:08:55.243522-0800 | 192.168.1.101 | 192.168.1.1 | query | spartvishltd.com | A | (not set) |
| 8 | 2020-02-23T14:08:55.888292-0800 | 192.168.1.1 | 192.168.1.101 | answer | spartvishltd.com | A | (not set) |

TLS 0
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|

No results found.

TFTP 0
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.

HTTP 2
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2020-02-23T14:09:52.659235-0800 | 192.168.1.101 | spartvishltd.com | 80 | POST | /index.php | 200 |
| 2 | 2020-02-23T14:09:50.684940-0800 | 192.168.1.101 | spartvishltd.com | 80 | POST | /index.php | 200 |

SMB 0
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.

SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.

Flow 20
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2020-02-23T14:08:46.262362-0800 | 849943827572123 | flow | 192.168.1.101 | 137 | 192.168.1.255 | 137 | UDP | pcapanalyzer |
| 2 | 2020-02-23T14:08:46.262362-0800 | 1985193878181437 | flow | 192.168.1.101 | 52020 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 3 | 2020-02-23T14:08:46.262362-0800 | 1283971747540679 | flow | 192.168.1.101 | 63252 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 4 | 2020-02-23T14:08:46.262362-0800 | 1010000078580263 | flow | 192.168.1.101 | 51370 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 5 | 2020-02-23T14:08:46.262362-0800 | 1150797696695343 | flow | 192.168.1.101 | 52171 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 6 | 2020-02-23T14:08:46.262362-0800 | 874927653107522 | flow | 192.168.1.101 | 63983 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 7 | 2020-02-23T14:08:46.262362-0800 | 317780199698538 | flow | 192.168.1.101 | 63257 | 239.255.255.250 | 1900 | UDP | pcapanalyzer |
| 8 | 2020-02-23T14:08:46.262362-0800 | 2148321031440855 | flow | 192.168.1.101 | 138 | 192.168.1.255 | 138 | UDP | pcapanalyzer |
| 9 | 2020-02-23T14:08:46.262362-0800 | 1307512463270161 | flow | 192.168.1.101 | 55959 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 10 | 2020-02-23T14:08:46.262362-0800 | 328474668470382 | flow | 192.168.1.101 | 56510 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 11 | 2020-02-23T14:08:46.262362-0800 | 1454851316346390 | flow | 192.168.1.101 | 52827 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 12 | 2020-02-23T14:08:46.262362-0800 | 1342701130414930 | flow | 192.168.1.101 | 61853 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 13 | 2020-02-23T14:08:46.262362-0800 | 1909761367568252 | flow | 192.168.1.101 | 63719 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 14 | 2020-02-23T14:08:46.262362-0800 | 934868215808015 | flow | 192.168.1.101 | 61854 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 15 | 2020-02-23T14:08:46.262362-0800 | 1078371663263892 | flow | 192.168.1.101 | 56509 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 16 | 2020-02-23T14:08:46.262362-0800 | 672531613345865 | flow | 192.168.1.101 | 1900 | 239.255.255.250 | 1900 | UDP | pcapanalyzer |
| 17 | 2020-02-23T14:08:46.262362-0800 | 392607120724107 | flow | 192.168.1.101 | 49295 | 185.98.87.192 | 80 | TCP | pcapanalyzer |
| 18 | 2020-02-23T14:08:46.262362-0800 | 1378040125788245 | flow | 192.168.1.101 | 49301 | 185.98.87.192 | 80 | TCP | pcapanalyzer |
| 19 | 2020-02-23T14:08:46.262362-0800 | 680253964486511 | flow | 192.168.1.101 | 123 | 51.145.123.29 | 123 | UDP | pcapanalyzer |
| 20 | 2020-02-23T14:08:46.262362-0800 | 547668324112168 | flow | 192.168.1.101 | 57333 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |

File 4
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2020-02-23T14:08:55.889745-0800 | 192.168.1.101 | 185.98.87.192 | /index.php | data | 97 |
| 2 | 2020-02-23T14:09:51.865500-0800 | 192.168.1.101 | 185.98.87.192 | /index.php | data | 44588 |
| 3 | 2020-02-23T14:09:52.659235-0800 | 185.98.87.192 | 192.168.1.101 | /index.php | ASCII text, with no line terminators | 2 |
| 4 | 2020-02-23T14:09:50.684940-0800 | 185.98.87.192 | 192.168.1.101 | /index.php | data | 4474690 |

Comments: (not set)
